From 0c87e4a76b392a481552008dcdd888026a2e307c Mon Sep 17 00:00:00 2001 From: Leonardo Arena Date: Mon, 14 Sep 2015 08:21:50 +0000 Subject: main/openldap: fix ber_get_next denial of service (CVE-2015-6908) http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240 (cherry picked from commit 4041a223b7e7b9a7ab163406bc7f4b04a4a8fad3) --- main/openldap/APKBUILD | 7 ++++++- main/openldap/CVE-2015-6908.patch | 25 +++++++++++++++++++++++++ 2 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 main/openldap/CVE-2015-6908.patch diff --git a/main/openldap/APKBUILD b/main/openldap/APKBUILD index 3f15d44d54..f13d745670 100644 --- a/main/openldap/APKBUILD +++ b/main/openldap/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa pkgname=openldap pkgver=2.4.35 -pkgrel=2 +pkgrel=3 pkgdesc="LDAP Server" url="http://www.openldap.org/" arch="all" @@ -21,6 +21,8 @@ source="ftp://ftp.$pkgname.org/pub/OpenLDAP/$pkgname-release/$pkgname-$pkgver.tg openldap-2.4.11-libldap_r.patch CVE-2015-1545.patch CVE-2015-1546.patch + CVE-2015-6908.patch + slapd.initd slapd.confd slurpd.initd @@ -133,6 +135,7 @@ md5sums="cd75d82ca89fb0280cba66ca6bd97448 openldap-2.4.35.tgz d19d0502f046078ecd737e29e7552fa8 openldap-2.4.11-libldap_r.patch b7f994678db068bbe186ce92c73fb060 CVE-2015-1545.patch 09f2be28af8aaf2883446c85d854cfe8 CVE-2015-1546.patch +2df05f886ad96db4da8098078b3f8ae4 CVE-2015-6908.patch 41d45b9ed59037dcdf640e395ace113c slapd.initd b672311fca605c398240cd37a2ae080a slapd.confd fa5ce0005ef5f1160b6ff126f97aaa1a slurpd.initd" @@ -141,6 +144,7 @@ sha256sums="16100374c147df0d82a5c52ca60da5eca1a5ea8b5a187467d40a78e3691e9eeb op 3310a89d38bc39e6eb4333799d475411b274482b8bccab212b3edfd4385db70e openldap-2.4.11-libldap_r.patch 32d423d6b6bb8b16980de98f9ed1de581673c3a63de3a9b7d4841c2b037d27c1 CVE-2015-1545.patch 07d6feebc366c14e42b5027239e12d5ec2981714b6a61a1365981c20d9fd87de CVE-2015-1546.patch +6950a117365046be3c4f5a1b45557ac2d1df0201d354889b0d7be26dc517e31c CVE-2015-6908.patch 726efdbaceb1b907bb085b7996222a0bc83610730c5d6b9646b062e09f2ef964 slapd.initd 1ccb8a3b78b65b125b24779dd065cf8000e2d5e4da267bb0a892e730edd2055d slapd.confd 9cfe54485585a1bd74dd167c27ad9e60a5dec7351b6a64804749f253bb6cfbad slurpd.initd" @@ -149,6 +153,7 @@ sha512sums="b39232b4bab7ecb0ae14961adaa555590ca24ecbaeb3d94ea251e2de3bf7425ce364 44d97efb25d4f39ab10cd5571db43f3bfa7c617a5bb087085ae16c0298aca899b55c8742a502121ba743a73e6d77cd2056bc96cee63d6d0862dabc8fb5574357 openldap-2.4.11-libldap_r.patch 56394c12b08862843ab7d4a76f5c7f13eaecb2d9717a9571d792c1aa7b77e5b2267525c7d7ecdb646beac736ca437b9f10a17cb18fd54e9f9f2a5d02904cfafa CVE-2015-1545.patch 9eb54e63fecc7ad59bf710803a7da275ea1de069d1a27d56ee01417d33035d90d89ab9903de82154f625c796145c1056d5a52ad8bfb8238c7ab5304c413fd25b CVE-2015-1546.patch +f3d0a844aeea4215d5ce09df2d444b3a29cb43ffeca0d05ba29f72cb3666dd5dfb350467e8003b600e1a93990978b249c4756ad531c34bf538fa7e917d8ee9e5 CVE-2015-6908.patch 723fb2546ac8a3672240139d4b7ec5041be961990fd8385171a53c737436d6307dc05671fcd190dd5e3b3ee21967a2a632ec8852fe84519fdea0c7f535c598ee slapd.initd 8290769b63b3a5863622de2deb9269a0711ba5f4a225eb230d7c5097937b9d4e8cf5a998ee99232824e2335ae1b6e0114357b61c9611bc2460ebd195d12eabae slapd.confd 69ee0d739d8c8c1cb2478d5c864f703cba215d0ceb399da941c0ebc91e7de87a4d99172670686a84a98e57bde94837777a8066d27f79b6b8bf4bcd72336ce775 slurpd.initd" diff --git a/main/openldap/CVE-2015-6908.patch b/main/openldap/CVE-2015-6908.patch new file mode 100644 index 0000000000..9a2474c647 --- /dev/null +++ b/main/openldap/CVE-2015-6908.patch @@ -0,0 +1,25 @@ +From: Howard Chu +Date: Sat, 12 Sep 2015 21:18:22 +0000 (+0100) +Subject: Revert "Revert "ITS#8240 remove obsolete assert"" +X-Git-Url: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff_plain;h=844ee7df820fa397249ce76984d2e7094746cd93;hp=55dd4d3275d24c5190fdfada8dfae0320628b993 + +Revert "Revert "ITS#8240 remove obsolete assert"" + +We have never documented our use of assert, so can't expect +builders to do the right thing. +This reverts commit 55dd4d3275d24c5190fdfada8dfae0320628b993. +--- + +diff --git a/libraries/liblber/io.c b/libraries/liblber/io.c +index 85c3e23..c05dcf8 100644 +--- a/libraries/liblber/io.c ++++ b/libraries/liblber/io.c +@@ -679,7 +679,7 @@ done: + return (ber->ber_tag); + } + +- assert( 0 ); /* ber structure is messed up ?*/ ++ /* invalid input */ + return LBER_DEFAULT; + } + -- cgit v1.2.3